401 page after failed login

[Sean Day]

Hi,

I think I must be missing something simple here. 

If I enter an incorrect username/password on our CAS 5.x server I get a 401 error page, on our old 3.5 CAS service the login page used to display an incorrect password message but would stay on the login screen. 

I have not managed to find any pointers on how to control this, I am guessing it is to do with the login-webflow.xml file but have no idea what I need to change?

Is this default behaviour or do I have a bigger problem in my config that is causing this?

Thanks

Sean

[Sean Day]

OK, after spending way too much time trying to workout what was wrong in my CAS config I have found the cause (but not the solution yet).

We have a practice of deploying all web applications on IIS, I therefore have IIS sitting in front of CAS using the tomcat ISAPI redirector to pass the requests to tomcat.

The 401 error I was seeing is the standard IIS 401 page, checking the IIS logs this has a substatus of 5 which means the 401 has come from tomcat.

As a simple test I re-enable port 8080 on Tomcat and tested directly to tomcat and the failed logins work as expected with an 'Invalid credentials' message displayed on the login page.

I am guessing that IIS is blocking CAS from handling the 401 error in some way which I have yet to figure out...

[Sean Day]

For reference I have found

Changed from using the ISAP redirector to HttpPlatformHandler and the system works so it appears to be a problem with using the ISAP redirector or I am missing a config setting that would allow the 401 to be passed back to Tomcat/CAS to display the message on the login page.

So I have 2 options, just use Tomcat or use HttpPlatformHandler instead of ISAPI redirector but I am curious if anyone else fronts their CAS service with IIS and has found this issue?

Sean